Conversation
- 4 architectural kill-switch CI gates
- property tests now mandatory
- Property 6: artifact_passthrough_integrity
- Property 7: diagnostics_read_only_surface
- diagnostics surface guaranteed read-only
- 104 tests passing

- Generate deterministic RUN_ID (YYYYMMDDTHHMMSSZ-<sha>) matching evidence/ naming convention
- Use EVIDENCE_DIR variable in failure output for accurate path reporting
- Aligns with evidence/run-<RUN_ID>/ directory structure

- docs/hooks/: hook configuration and .kiro.hook reference copies
- docs/steering/: steering reference copies (product, rules, structure, tech)
- docs/specs/pre-ci-discipline/: pre-CI discipline spec (requirements, design, tasks)
- docs/specs/phase13-trust-registry-propagation/: Phase 13 trust registry spec
- scripts/ci/test_pre_ci_discipline.sh: pre-CI discipline test script
- userspace/proofd/proptest-regressions/lib.txt: proptest regression seeds

…mization
- Add ci-kill-switch-phase13 target grouping all 13 Phase-13 kill-switch gates (proof integrity, distributed verification, observability isolation, reputation prohibition)
- Wire ci-kill-switch-phase13 into ci-freeze pipeline (was: implemented but not enforced)
- Add PRE_CI_MODE=1 support to ci-gate-boundary: skips kernel rebuild when existing artifact present, preventing local pre-ci timeout
- Update pre_ci_discipline.sh to pass PRE_CI_MODE=1 for boundary gate

Phase-13 kill-switch gates now enforced in CI. Local pre-ci discipline remains advisory (4 gates only).
Shell grep-per-symbol loop was O(n*m) process forks causing boundary gate timeout on macOS. Replace steps 2+3 with symbol_scan_match.py which compiles all patterns once and runs in-process.

Before: timeout (>30s)
After: 0.4s

Evidence format and exit codes unchanged.

search() on anchored patterns (^...$) is functionally equivalent but fullmatch() correctly expresses the intent: exact symbol match, not substring. Consistent across both deny and allow steps.

…SS state (Constitutional Rule 7)

Phase status updates:
- Phase-10/11: OFFICIALLY CLOSED (remote CI run 22797401328)
- Phase-12: OFFICIALLY CLOSED (remote CI run 23099070483, PR #62, tag phase12-official-closure-confirmed)
- Phase-13: KILL_SWITCH_GATES_PASS (6/6 gates PASS, tag phase13-kill-switch-gates-pass at 0ec4bb5)
- CURRENT_PHASE=12 (formal transition at 0adb2a8)

Files updated:
- ARCHITECTURE_FREEZE.md: CI gate list updated to 23-gate chain, status section updated, version 1.4→1.5
- docs/roadmap/freeze-enforcement-workflow.md: Section 2.1 full gate list + execution order rationale + gate order change protocol; Section 2.3 gate order lock note
- docs/roadmap/README.md: Phase status and CURRENT_PHASE pointer corrected
- docs/development/PROJECT_STATUS_REPORT.md: Phase-12 CLOSED, Phase-13 kill-switch status, date updated
- docs/development/DOCUMENTATION_INDEX.md: CURRENT_PHASE=12, Phase-12/13 status corrected
- docs/steering/product.md: Current Status section updated with all phase closures and 23-gate count
- docs/steering/tech.md: Mandatory Gates section updated with full 23-gate ordered list

Refs: Constitutional Rule 7 (Documentation Synchronization)
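An added example (not the project's symbol_scan_match.py) showing the shape of the in-process scan the two commits above describe: every deny/allow pattern is compiled once, and fullmatch() is used so a pattern matches a whole symbol name rather than a substring. The sample nm output, the deny/allow lists, the allow-before-deny precedence and the exit-code convention are all constructed assumptions.

```python
import re

# Constructed nm-style input (address, type, name); not data from the project.
SAMPLE_NM_OUTPUT = """\
0000000000001000 T kmalloc
0000000000001040 T k_printf
                 U printf
                 U __libc_start_main
0000000000001100 T slot_alloc
0000000000001140 T kmalloc_trace
                 U sprintf
"""

# Constructed deny/allow lists; the real gate's lists and precedence are assumptions.
DENY_PATTERNS = [r"printf", r"malloc", r"__libc_.*"]
ALLOW_PATTERNS = [r"kmalloc", r"k_printf"]


def parse_nm(text):
    """Take the last field of each nm-style line as the symbol name."""
    return [line.split()[-1] for line in text.splitlines() if len(line.split()) >= 2]


def compile_once(patterns):
    """Compile each pattern a single time instead of forking grep per symbol."""
    return [re.compile(p) for p in patterns]


def scan(symbols, deny, allow, exact=True):
    """Classify symbols: allow entries exempt a symbol, deny entries flag it.
    exact=True uses fullmatch (whole-symbol match); exact=False uses search,
    which also fires on substrings such as 'printf' inside 'sprintf'."""
    deny_re, allow_re = compile_once(deny), compile_once(allow)

    def hit(regex, sym):
        return regex.fullmatch(sym) if exact else regex.search(sym)

    denied, exempt = [], []
    for sym in symbols:
        if any(hit(r, sym) for r in allow_re):
            exempt.append(sym)
        elif any(hit(r, sym) for r in deny_re):
            denied.append(sym)
    return denied, exempt


def gate_exit_code(denied):
    """Fail closed: any denied symbol fails the gate (exit-code convention assumed)."""
    return 1 if denied else 0
```

With unanchored patterns, search() wrongly exempts kmalloc_trace and flags sprintf; with anchored patterns (^...$) search() and fullmatch() agree, which is the equivalence the second commit relies on.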
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 328a25b3f4
| echo "" | ||
| echo "Inspect evidence under:" | ||
| echo " ${EVIDENCE_ROOT:-out/evidence}/run-<RUN_ID>/reports/" | ||
| echo " ${EVIDENCE_DIR}/" |
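Review bot: the replacement `echo " ${EVIDENCE_DIR}/"` drops the default the old line carried (`${EVIDENCE_ROOT:-out/evidence}`), so if EVIDENCE_DIR is unset the failure message prints a bare "/" and the user has no path at all; either give it a fallback in the same style or fail early with `${EVIDENCE_DIR:?EVIDENCE_DIR not set}`. It also drops the trailing `reports/` component the old message pointed at; if per-gate reports still live under that subdirectory, append it so the message lands on the artifacts rather than the run root.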
Report only evidence paths that match gate run IDs
The failure message now prints a concrete run-${RUN_ID} evidence directory, but this script-local RUN_ID is never exported or passed into the make gate commands, so each gate can write evidence under a different Makefile-generated run id; when a gate fails, users are directed to the wrong directory and cannot find the actual artifacts for debugging. This is reproducible by running the script with a mocked make and observing RUN_ID is unset in child invocations.
| case "\$1" in | ||
| ci-gate-abi) exit ${abi_exit} ;; | ||
| ci-gate-boundary) exit ${boundary_exit} ;; | ||
| ci-gate-hygiene) exit ${hygiene_exit} ;; |
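Review bot: `case "\$1" in` dispatches on the first argument only, so the boundary invocation `make PRE_CI_MODE=1 ci-gate-boundary` puts `PRE_CI_MODE=1` in $1 and the target in $2, and the `ci-gate-boundary)` branch can never be reached; `${boundary_exit}` is therefore dead in this mock. Skip leading assignments before the case, for example `while [ "$#" -gt 0 ] && [ "${1#*=}" != "$1" ]; do shift; done` (escaped with `\$` like the existing `\$1`, since this text is emitted into the mock script), so the target is matched regardless of how many VAR=value arguments precede it.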
Match boundary target after make variable assignments
The mock make dispatcher keys only on $1, but the updated boundary invocation is make PRE_CI_MODE=1 ci-gate-boundary, where $1 is PRE_CI_MODE=1 and the target is $2; this prevents boundary failures from being simulated, so fail-closed assertions for the boundary step become invalid (e.g., bash scripts/ci/test_pre_ci_discipline.sh reports boundary checks failing for the wrong reason). The mock should skip leading VAR=... args before matching the gate target.
…snapshot.abdf in CI)
…aths field (phase13 additive)
…13 §4.1 spec
- GATE_REGISTRY.md: remove ci-gate-proof-bundle from verification artifact integrity supporting gates (consistent with Makefile change)
- PHASE13_KILL_SWITCH_GATES.md: same removal
- Add phase13-service-backed-verification-expansion spec: requirements.md, design.md, tasks.md

- design.md: add atomic manifest creation (O_CREAT|O_EXCL) design
- design.md: add path normalization flow (two-layer: segment safety + allowed set)
- design.md: add spec projection layer (FederationDiagnosticsProjection)
- design.md: add forbidden fields compile-time guard (PHASE13_FORBIDDEN_FIELDS const)
- design.md: add P9 path traversal normalization property test
- design.md: add 'diagnostics never influence verification result' kill-switch invariant
- design.md: update data models section with projection structs
- tasks.md: expand task 4 with path normalization sub-task (4.3)
- tasks.md: rewrite task 6 with projection struct sub-tasks (6.2-6.5)
- tasks.md: add P9 to task 7 (7.7)
- tasks.md: add task 8 (atomic manifest creation)
- tasks.md: add task 9 (spec projection layer isolation)
- tasks.md: add task 10 (forbidden fields serialize-level guard)
- requirements.md: already updated in previous session

…fingerprint to response
- run_id field in VerifyBundleRequestBody is now Option<String>
- If run_id is not provided, one will be generated automatically
- Add request_fingerprint field to VerifyBundleResponseBody
- Add AtomicU64 counter for generated run_id uniqueness
- Add OpenOptions/Write/ErrorKind imports for atomic manifest writes
- Minor formatting cleanup in harness and boundary diagnostics

…e-13 active state
- README.md: update CURRENT_PHASE to officially closed, remove PR #54/local-closure-ready references, add Phase-13 kill-switch PASS status, update Yakın Hedef to Phase-13 workstreams
- phase-4-5-spec.md: remove all duration/timeline estimates (Duration: X weeks, Q2/Q3 2026, Total Duration, Start Date, Expected Completion)
- constitutional-system-roadmap.md: replace Phase 13/14/15 Q-date labels with status-based descriptions, update Last Updated and Next Milestone
- ROADMAP_2026_02_23.md: replace stale blocker (missing_marker:P10_RING3_USER_CODE) with Phase-10/11/12 official closure status, remove week/quarter time estimates from short/medium/long term sections, update risks and success criteria to Phase-13 context

- kernel/sys/execution_slot.c: new execution slot allocator with lifecycle state machine (CREATED→READY→RUNNING→COMPLETED), critical section guards, FIFO queue, and owner PID tracking
- kernel/include/execution_slot.h: execution slot types and API declarations
- kernel/sys/syscall_v2.c: sys_v2_submit_execution now uses real execution slot allocation and enqueue; sys_v2_wait_result reads slot state machine; sys_v2_time_query wired to real timer_ticks() / timer_ticks_to_ms()
- kernel/arch/x86_64/timer.h/.c: expose timer_ticks_to_ms() helper
- kernel/include/proc.h: minor addition for execution context
- kernel/kernel.c: execution slot subsystem init
- kernel/sched/sched.c: sched_take_resched / deferred preemption hook
- shared/abi/syscall_v2.h: TIME_QUERY_MONOTONIC / TIME_QUERY_UPTIME constants
- kernel/tests/validation/: update phase2 and syscall_count tests
- docs/development/SYSCALL_RUNTIME_REALITY.md: new — documents real vs stub status per syscall
- docs/development/SYSCALL_TRANSITION_GUIDE.md: trim legacy content
- docs/syscall_transition_guide.md: cross-reference update
- docs/specs/phase10b-execution-path-hardening/: new spec (requirements, design, tasks, progress) for Phase 10-B execution path hardening

…raint
- SYSCALL_RUNTIME_REALITY.md: note that current pickup path allows only one active execution per user process until completion/exit plumbing lands
- SYSCALL_TRANSITION_GUIDE.md: same clarification in incomplete syscall table
- phase10b progress.md: add note about active_execution_id single-slot limit

…_result syscalls
Embedded userspace binary updated to exercise new execution slot lifecycle:
- Uses sys_v2_submit_execution (1003) with stack-allocated BCIB buffer
- Uses sys_v2_wait_result (1004) to poll slot state
- Replaces previous debug_putchar-only loop
.cargo/config.toml sets target-dir = out/cargo, so the proof-verifier binary is built to out/cargo/debug/proof-verifier, not ayken-core/target/debug/proof-verifier. gate_proof_verifier_cli.sh had the wrong hardcoded path, causing ci-gate-proof-verifier-cli to fail with: runtime_error:CLI binary does not exist at .../ayken-core/target/debug/proof-verifier Also includes pending kernel/execution_slot and docs changes from phase10b work.
…-inbox minimal spec
embedded_elf.h is a build artifact generated by tools/embed_elf.py from userspace/minimal/minimal.elf. It is intentionally regenerated during build and its integrity is already enforced by ci-gate-embedded-elf-hash (header hash == built ELF SHA256). Excluding it from the dirty-tracked check prevents false hygiene failures when CI toolchain produces a different binary than the committed header.
…tasks
- Add execution-inbox-minimal-spec.md: fixed-VA delivery contract, kernel-write/user-read-only inbox, publish-order rules, latch guard
- Update progress.md: record inbox spec and implementation plan slices
- Update tasks.md: mark 6.3 complete, add 6.4/6.5 inbox implementation targets

No code changes. Documentation-only update.

…validation
- execution_slot.h: replace bcib_phys with bcib_frames[4] frame list, add bcib_frame_count, PAYLOAD_WINDOW constants, store_bcib_locked decl
- execution_slot.c: add phys frame alloc/zero/free for BCIB backing, release backing on terminal transitions (FAILED/TIMEOUT/ABORTED), add execution_slot_store_bcib_locked() implementation
- syscall_v2.c: add buffer-span mapped check, live user context resolver, oversize BCIB fail-closed guard, wire store_bcib_locked into submit path

Preconditions from execution-inbox-minimal-spec.md now satisfied:
- submit_execution copies BCIB into kernel-owned backing
- slot metadata describes bounded payload frames
- oversize submissions fail closed

make kernel: PASS (165 symbols, no new warnings)

…ecks
- Add ensure_validation_worker_proc() helper for live user process fixture
- Pass real target_worker->pid to submit_execution (replaces hardcoded 1001)
- Assert kernel-owned BCIB backing copy correctness (bcib_frames[0] content)
- Add oversize BCIB rejection test (PAYLOAD_WINDOW_SIZE + 1)
- Add non-live context rejection test (pid 999999)
- Update pickup_locked call to use real target worker pid

Compile: PASS (16 pre-existing sign-compare warnings, no new warnings)
Freeze PR Template

Gate Run
- Evidence directory (evidence/run-<id>/):

Gate Verdicts
- ci-gate-abi:
- ci-gate-boundary:
- ci-gate-tooling-isolation:
- ci-gate-constitutional:
- ci-gate-workspace:
- ci-gate-hygiene:
- ci-gate-performance:
- ci-summarize:

Tooling Isolation Guard
- yes/no
- kernel touch = 0: yes/no
- Evidence (evidence/run-<id>/gates/tooling-isolation/):

Contract Change
- yes/no
- RFC / Waiver:

Claim Check
If this PR claims Completed/Production-ready, all must be true:
- summary.json verdict is PASS

Notes